SOX Section 404: What Does It Mean? What Should You Do?

Sarbanes-Oxley (SOX) Section 404 is a looming requirement for businesses of your size, yet in the early stages of the financial regulation's life, few companies fully understand the law and its implications. And it's no wonder why; the entire section is embodied in less than 250 words.

SOX 404 requires that the annual report of a public company include a statement by management on the company's internal controls over financial reporting and the underlying systems and IT processes affecting the financials. That statement must also be affirmed by an auditor.

This can be a particularly difficult challenge when businesses lack the large IT budgets necessary to manage a compliance process effectively, in addition to day-to-day operational controls. This is precisely why the SEC decided to defer mandates for compliance with SOX 404 by businesses with a market cap of less than $75 million from July 2005 until July 2007.

It's expensive for companies of your size, too. According to a recent study done by the Small Business Administration, smaller businesses pay an average of 46 percent more per employee in meeting federal regulations for compliance than their larger counterparts. This is due in large part to the very nature of a business of your size having a workforce that is lean and nimble. It also stems from having to deal with an auditing process that appears overwhelming and loosely defined, and often entails a process of "rediscovery" of the circumstances surrounding events of long ago.

The problem lies in the fact that most companies with a market cap of less than $75 million that have IT departments lack the IT manpower, expertise, and resources necessary to begin a dedicated audit process. Whatever IT budget and manpower exists is prioritized for systems that directly drive product or services, versus controls initiatives.

In contrast, large corporations are able to rely on their own internal expertise to put controls and processes in place before an external auditor identifies areas of weakness. When businesses begin the audit process they often can use specialized consultants or external advisors who make recommendations of where internal processes and controls can be improved. That forces those companies to pay for the audit review process twice, but they usually get it right the first time.

Buyers Beware

With the deluge of attention being given to SOX today, many companies have come to the market claiming to have effective SOX solutions. But buyers should be wary: Very few one-stop compliance services are available in the market today. There are, however, a few steps a business of your size can take to get the ball rolling on the way to compliance with SOX 404.

The first step you should take is to identify the gaps within current internal financial controls. While this may require the assistance of an outside expert, it will get you closer to the final solution before the audit begins.

1 2 Next»

Copyright © 1999 - 2008 AllBusiness.com. All rights reserved. No part of this content or the data or information included therein may be reproduced, republished or redistributed without the prior written consent of AllBusiness.com. Use of this site is governed by our Copyright and Intellectual Property Policy, Terms of Use Agreement and Privacy Policy.

SmartCompany is now part of the award-winning AllBusiness.com family of small business resources. You'll still be able to find the terrific technology information that you've come to know and trust here on SmartCompany, PLUS all the advice and how-to information from AllBusiness.com, the one-stop resource for growing businesses. About Us.

Information and opinions on SmartCompany.com solely represent the thoughts and opinions of the authors and are not endorsed by, or reflect the beliefs of, SmartCompany.com, AllBusiness.com, its parent company D&B, and its affiliates.